Pailen et al.

[11] Patent Number: 4,652,990
[45] Date of Patent: Mar. 24, 1987

[54] PROTECTED SOFTWARE ACCESS CONTROL APPARATUS AND METHOD
[75] Inventors: William Pailen, Derwood; Jim L. Harper, Olney, both of Md.
[73] Assignee: Remote Systems, Inc., Vienna, Va.
[21] Appl. No.: S46,2(1{i
[22] Filed: Oct. 27, 1983
[51] Int. Cl.4: H04Q 5/00; H04L 9/00
[52] U.S. Cl.: 364/200; 380/4; 380/24
[58] Field of Search: 364/200 MS File, 900 MS File; 340/825.3, 825.31, 825.34; 178/22

[56] References Cited
U.S. PATENT DOCUMENTS
3,611,293  10/1971  Constable et al.   340/149 A
3,761,883   9/1973  Alvarez            364/200
3,798,605   3/1974  Feistel            364/200
3,846,622  11/1974  Meyer              235/61.7 B
3,892,948   7/1975  Constable          340/149 R
3,956,615   5/1976  Anderson et al.    235/61.7 B
3,985,998  10/1976  Crafton            235/61.7 B
3,996,449  12/1976  Attanasio et al.   235/61.7 R
4,025,760   5/1977  Trenkamp           235/61.7 B
4,123,747  10/1978  Lancto et al.      340/149 A
4,193,131   3/1980  Lennon et al.      375/2
4,214,230   7/1980  Fak et al.         340/149 A
4,218,738   8/1980  Matyas et al.      364/200
4,223,403   9/1980  Konheim et al.     375/2
4,227,253  10/1980  Ehrsam et al.      364/200
4,238,853  12/1980  Ehrsam et al.      364/200
4,238,854  12/1980  Ehrsam et al.      375/2
4,259,720   3/1981  Campbell           364/200 X
4,264,782   4/1981  Konheim            178/22
4,268,715   5/1981  Atalla             178/22
4,281,215   7/1981  Atalla             178/22.08
4,283,599   8/1981  Atalla             178/22.1
4,288,659   9/1982  Atalla             178/22.08
4,310,720   1/1982  Check, Jr.         178/22.08
4,315,101   2/1982  Atalla             178/22.08
4,317,957   3/1982  Sendrow            178/22.08
4,326,098   4/1982  Bouricius et al.   178/22.08
4,386,234   5/1983  Ehrsam et al.      178/22.09
4,438,824   4/1984  Mueller-Schloer    178/22.08
4,471,163   9/1984  Donald et al.      364/200

Primary Examiner-David Y. Eng
Attorney, Agent, or Firm-Neuman, Williams, Anderson & Olson

[57] ABSTRACT

A software access control system is disclosed for controlling access to a protected application program. The software access control system comprises first and second processors, each having a terminal or port adapting its processor to be coupled with the other. The first processor is programmed to permit access to the protected application program and comprises a first memory storing the protected application program, a program identification manifestation and a customer identification manifestation. The second processor comprises a second memory for storing a program identification manifestation and a customer identification manifestation, as assigned to the second processor. A user terminal is actuated to transmit an access request message including a requested program identification manifestation to the first processor requesting permission to execute a particular application program. There is disclosed a two-step process of granting access to a protected application program. First, the requested program identification manifestation, as entered on the user terminal, is compared with a program identification manifestation retained within the second processor. If there is a first match, a customer authentication message is transmitted from the first processor to the second processor. In response, the second processor transmits its assigned customer identification manifestation to the first processor, wherein a comparison is made between the retained customer identification manifestation and the assigned customer identification transmission. If there is a second match, access to use and to execute the application program is granted.

12 Claims, 18 Drawing Figures

APPLE EXHIBIT 1062
APPLE v. PMC
IPR2016-01520
Page 1

[Drawing sheet 1 of 12: FIG. 1A]

[Drawing sheet 2 of 12: FIG. 1B. Legible block labels: program storage memory device; application executing computer; customer ID #; transfers on user request; application program; operating system software memory; application program memory; CPU; communication port; key carrier; carrier bypass switch; key carrier microprocessor; processor key A, B and C info; program user's terminal.]

[Drawing sheet 3 of 12: FIG. 1C and FIG. 2A. Legible labels, in extraction order: microprocessor; key carrier microprocessor memory; start; user attempts to execute protected program; protected?; no key carrier present, no acknowledgment sent; disable program execute; program applique checks for presence of key carrier on one of several possible communication ports of the computer; key carrier is present, sends acknowledgment; program applique creates a random seed and sends it to key carrier; program applique sends program identification to key carrier; program applique sends random algorithm selection number.]

[Drawing sheet 4 of 12: FIG. 2B. Legible box text, in extraction order: key carrier receives program identification, random seed and algorithm selection number; key carrier checks for presence of requested key; key present?; random seed passed by key carrier to key processor, transmit key algorithm; key processor encrypts customer ID using random number and selected complex and varied encryption algorithm; encrypted customer ID is passed to key carrier and returned to program applique; customer ID is decrypted by program applique using selected algorithm and random seed; decrypted customer ID match stored ID?; allow program execution.]

[Drawing sheet 5 of 12: FIG. 3A. Legible box text, in extraction order: start; initialize variables; enable peripheral device; disable peripheral device.]

[Drawing sheet 6 of 12: FIG. 3B and FIG. 3C. Legible box text: save character and add to CRC.]

[Drawing sheet 7 of 12: FIG. 3E and FIG. 3F. Legible box text, in extraction order: set timer; slow blink LED; encrypt customer ID using next pseudo random number; scramble and transmit response.]

[Drawing sheet 8 of 12: FIG. 4A and FIG. 4B. Legible box text, in extraction order: invoked by vendor software; point to the product identifier (key identification); call RESET; move first validation sequence to output buffer to be sent; security violation; point to 2nd validation sequence to be compared with response from key; security violation; return; set command for reset option; move product identifier to output buffer; call TRANSMIT; call RECEIVE; return w/time out error; determine where the random number is located within the received transmission; store the random number received from the key in RNUM and SEED; return.]

[Drawing sheet 9 of 12: FIG. 4C. Legible box text, in extraction order: set command variable to indicate check routine; move validation sequence #1 into remainder of storage area; call BUILD (build a 7 bit data item for transmission); call XMIT (transmit scrambled security check data); call RCV (get response from Secureware); move data received into user buffer area (to be compared with 2nd validation); return (response received).]

[Drawing sheet 10 of 12: FIG. 4D. Legible box text, in extraction order: send 3 null characters; send an STX character; point to data to be sent; randomize character being pointed to; point to next character to be sent; send an ETX character; return; increment pointer to data to be sent.]

[Drawing sheet 11 of 12: FIG. 4E. Legible box text, in extraction order: save characters received; set delay loop counters so that delay is 1.5 secs.; call RANDOM; derandomized character; initialize counter for # of characters to receive; call BUILD (unscramble data); return w/ carry clear.]

[Drawing sheet 12 of 12: FIG. 4G and FIG. 4F. Legible box text, in extraction order: get previous random number; get previously stored/created seed; generate a (new) random number and save it; return; get input/output scramble table; scramble each bit of current byte of data; return.]

PROTECTED SOFTWARE ACCESS CONTROL APPARATUS AND METHOD

FIELD OF THE INVENTION

This invention relates to apparatus and methods for protecting software stored in reproducible media, whereby theft and, in particular, unauthorized reproduction and/or execution of the protected software is prevented.

DESCRIPTION OF THE PRIOR ART

In the prior art, authors and publishers of software programs for computers have had no acceptable means to prevent the copying of their programs by unauthorized individuals. The most common storage medium for these programs is the magnetic disk or its functional equivalents. Once the program is released to the user in this medium, it is a fairly simple task to have a computer read the software program and store it temporarily in the memory of the user's computer until such time as a blank disk can be placed in the computer and the computer can then release from its memory and record the program on the blank disk. Accordingly, every year the owners and publishers of these programs are being cheated of revenues due them for their product, by the user copying the program from a friend at no cost to the user. In this manner, individuals and businesses alike are acquiring hundreds or thousands of dollars worth of programs for the mere cost of the blank disk, which in most cases costs less than $10.

The relative explosion of the microcomputer market for use in the office and home has propelled the problem of software piracy to near epidemic proportions. Software development for microcomputers, for example, is expensive and time consuming. It is therefore important to the software developer that each authorized user pay for the programs used and not reproduce the programs to be used by others or at other sites. Software piracy is, in practice, difficult to prevent because it is generally easy for users to make multiple copies of the programs for unauthorized users, and easy for competitors to repackage and distribute valuable programs at a fraction of the cost to the original developer. The problem is aggravated by the existence of microcomputers which are becoming widespread.

Software manufacturers and publishers are losing millions of dollars every year in revenues due to the piracy of their programs, both by professionals as well as the hobbyist or casual users. Published 1982 statistics indicate that the average personal computer owner also possesses at least five application programs. It is further believed that three application programs were purchased and the other two were pirated. The advent of program rentals and computer clubs will further compound this problem.

In the past, software manufacturers have tried to prevent the problem by writing unique codes or routines and embedding them in the storage mediums in a fashion that would disable the program in the event that the proper code was not present. Even the unsophisticated user can easily figure a way to get around or beat this technique, by copying the program as published, listing it out and looking for the unique codes, or passwords. Once he has found the password and can determine its function in the program, he can easily defeat it.

Access keys have been employed in the prior art to gain access to computers. In those key/computer security systems where only the software programs, and not the key itself, contain active encoding and decoding algorithms, the program information can be easily read and related to the corresponding key information contained in the software program. As a result, the key can be discerned and used subsequently to defeat the security system.

The most effective way to secure a program for its intended use is believed to be by the use of a hardware key which works in conjunction with the software program. Some of the same problems exist with respect to defeating the security of such key mechanisms. Previously reported attempts to develop a hardware solution have suffered from a number of disadvantages.

First, the key information is contained only on the software storage medium itself in some implementations. Therefore, making a complete copy of the medium will result in the possibility of creating an unauthorized copy of the program since the key can be copied along with the protected program. When used normally, the approach further suffers by preventing the user from making legitimate back-up copies of the software program and renders it impossible to use the programs with large bulk storage devices.

Other techniques have been developed to contain the key information with a read only memory (ROM) which is interrogated by the software program prior to authorized execution. The defeat of this technique lies in the ability of the unauthorized user to record the interrogation of the ROM key and to use the key information including the password for the creation of duplicate keys. In particular, such ROM keys are coupled by exposed cables or ports to the computer, whereby access to the transmitted password between the ROM key and the computer is available to the unauthorized user. Typically, the transmission of data between the computer and the ROM key is accessed and then stored in a table, where the stored key data is analyzed to reveal the password.

Techniques have been developed to encrypt the key information including the password to prevent easy discovery of the password. If encryption is effected in a fixed manner, the password may be discovered by storing repeated transmissions between the ROM key and the computer in a table. The stored transmissions can be observed to discern the password to simulate the original key's function or to allow duplicate keys to be created. Even worse, these observed patterns can allow the relationship between the key information and the software program to be deduced so that an unauthorized universal master key can be created.

The prior art is replete with various methods and apparatus for encrypting data to be transmitted over lines, whereby even if the data is intercepted, stored within a table or memory and later analyzed, it would be difficult to decipher the encoding technique. It is evident that the degree of data or software security is dependent upon the nature of the encryption technique. Such techniques have been developed in a context of network systems comprising a computer and a plurality of remote terminals, whereby a user gains access to the computer through a remote terminal. The user's access request is transmitted over a communications link to the computer. In many applications, it is critical that only authorized users be capable of gaining access to the computer and/or have access to the data transmitted over the communications link.

Such data transmission security systems have been adapted to banking applications. Typically, a bank customer accesses a centrally disposed computer by entering his personal identification number (PIN) to be transmitted via the communications link to the central computer. If the customer's PIN has a match with a like PIN stored within a table of many PINs, a transaction is then authorized to be completed. To prevent unauthorized access to a customer's PIN or other data, the access request including the customer's PIN is encrypted to prevent recognition. It is well recognized in the art that it is virtually impossible to secure such communication links; as a result, the unauthorized user may gain access to the link and store the flow of data thereof for later analysis.

U.S. Pat. Nos. 4,268,715 and 4,281,215 of Atalla disclose a method of encrypting a user's PIN for transmission from the user station to a processing station. In particular, an encoding algorithm module is responsive to the output of a random number generator to provide a first encryption key. The encryption key is applied to an encryption module which provides an encrypted message indicative of the data to be secured. The encrypted message is then transmitted from the user station to the processing station, along with the random number and the key. A decryption module at the processing station decrypts the encrypted message using the transmitted key and random number. In this manner, the user's PIN is not transmitted over the communication links, where it would be available potentially to be read and discovered by an unauthorized user.

U.S. Pat. No. 4,310,720 of Check, Jr. discloses a computer accessing system, wherein a user enters his password into a portable access unit to be encrypted as an access code to be transmitted over a communications link to a computer. In particular, the access unit comprises a microprocessor programmed with a random number algorithm for generating a chain of nonrecurring, pseudorandom numbers from a group of seed numbers originally implanted in the microprocessor's memory. The pseudorandom numbers are used to encode the password to form the access code. The computer is programmed with a congruent random number generation algorithm and initial seed numbers compatible with those stored in the microprocessor of the access unit. The computer is initialized such that the initial access code generated by each access unit is stored in an available memory at the computer. Thus, the computer generates a chain of congruent random numbers, whereby a corresponding access code is provided to be compared with that access code transmitted from the remote access unit; if a match is made, access to the computer is granted.

U.S. Pat. No. 4,349,695 of Morgan et al. discloses a data access authentication system, wherein a user transmits a user identification from a remote terminal to an authenticator station, which controls access to a computer. In response to the user identification, the authenticator station generates a randomized character or character sequence, termed a key, that is transmitted to the access requester at the remote terminal. The key is also stored at the authenticator station to be used later. The remote terminal deciphers and uses the key to determine the starting point of a series of randomized digital characters generated by a key generator at the remote terminal. The random character is deciphered and retransmitted back to the authenticator station to be deciphered and, then, compared with the previously stored randomized character. If a match is made between the received and stored randomized characters, the user is authenticated to gain access to the computer at the authenticator station and to receive data therefrom.

U.S. Pat. No. 4,317,957 of Sendrow describes a system for authenticating users attempting to access a centrally disposed computer. The user's PIN is encrypted and transmitted to the centrally disposed computer, where it is decrypted and compared with stored PINs to potentially validate a transaction with the requesting user. A secret terminal master key is disposed both at each remote terminal and at the centrally disposed computer. In addition, multiple encryption and decryption techniques are retained at both the centrally disposed computer and at each remote terminal. The user enters his PIN in the form of an account number into the remote terminal which generates a working key unique to each transaction. The working key is in turn used to encrypt the transaction request message to be transmitted to the centrally disposed computer, which derives the working key to decipher the transaction request message. The deciphered message includes the user's PIN which is compared with a table of valid PINs stored within the memory of the centrally disposed computer. If a match is realized, a transaction access response is made to the requester at the remote terminal. The working key is a result of multiple encryptions in a predetermined way as stored within each remote terminal, these encryptions being dependent upon the master key. Corresponding multiple decryptions are stored at the centrally disposed computer that are initialized or synchronized with the multiple encryptions used at the remote terminal.

The security provided by a key may be defeated by inserting the key, or otherwise entering an access word, into the computer for executing the protected program. Typically, as noted above, the entered access word is compared with a retained access word as may be embedded in the software. Thereafter, the protection system provides authorization to proceed with the use and/or execution of the protected program. Typically after authorization, the authorized program is stored in an operating memory of the computer, where it is available to be executed. The unauthorized user may gain access to this program by removing the key and using available diagnostic apparatus and/or available programs to take a "snap shot" of the operating memory and, thus, the allegedly protected program. In particular, the present content of the operating memory, including the allegedly protected program, is read out and may be readily copied for unauthorized distribution.

A disadvantage of some present methods and apparatus for protecting programs resides in the fact that the protection method may prohibit the use of non-protected programs. For example, some program protection apparatus require execution authentication on each transaction between the executing computer and the user terminal upon which a request is entered. It is difficult to adapt such protection systems to operate with programs that do not require protection.

Further, it is often desired to use more than one software program that is protected by a key. In these applications, the computer operator must change physically the keys or enter new key information from his user terminal, when switching from one application program to the next. Supporting multiple keys for numerous software programs has presented both functional and logistic problems in that the logic control, as well as the physical space, is not provided in most computers that will permit accepting of multiple keys, much less the logic sequencing necessary to determine whether each of successive application programs is authorized by a corresponding key for execution by the computer.

SUMMARY OF THE INVENTION

It is therefore an object of this invention to provide a new and improved method and apparatus for prohibiting the functional use in terms of execution and/or copying of a software program.

It is a further object of this invention to provide a new and improved method and apparatus for protecting software, wherein the protected software is uniquely associated with a key that permits execution of the protected software on any computer provided that the corresponding key is coupled to the computer.

In accordance with these and other objects of this invention, there is provided a software access control system for controlling access to a protected application program. The software access control system comprises first and second processors, each having a terminal or port adapting its processor to be coupled with the other. The first processor is programmed to permit access to the protected application program and comprises a first memory storing the protected application program. The second processor comprises a second memory for storing a program identification manifestation assigned to the second processor. A data communication mechanism, illustratively in the form of a user terminal, is actuated to transmit an access request message including a requested program identification manifestation to the first processor, requesting permission to execute a requested application program. The first processor comprises means responsive to the receipt of the access request message for transmitting an authentication message to a carrier adapted to receive a plurality of the second processors. The carrier is responsive to the authentication message for accessing the second memories of the second processors to obtain their assigned program identification manifestations and includes means for determining whether there is a match between the requested program identification manifestation and their assigned program identification manifestations and, if there is a match, for generating and transmitting an access granting signal to the first processor.

In a further aspect of this invention, a second identification manifestation is assigned to an application program identifying a particular user to be granted access to the program. The first memory of the first processor stores a second or application identification manifestation corresponding to its application program. The second processor stores in its second memory a second identification manifestation assigned to the second processor and, in response to an authentication message, transmits the assigned second identification manifestation to said first processor, whereby said first processor compares the assigned second identification manifestation with its second identification manifestation and, if there is a match, grants access to use the requested application program.

In an illustrative embodiment of this invention, there is a two-step process of granting access to a protected application program. First, the program identification manifestation, as entered on the user terminal, is compared with the first or program identification manifestation as assigned to the second processor coupled to the first processor. If there is a match, a further step is taken. The further step transmits a further authentication message from the first processor to the second processor. In response, the second processor transmits the assigned second or customer identification manifestation to the first processor, wherein a comparison is made between the retained second identification manifestation and the assigned second identification manifestation. If there is a match, access to use and to execute the application program is granted.

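The two-step grant from the summary, and the fixed-encryption weakness raised in the prior art discussion, worked through as an added Python example (not code from the patent). The HMAC-derived XOR pad stands in for the patent's unspecified encryption algorithms; the per-request seed and algorithm selection number follow the box labels of FIGS. 2A and 2B, and all class names, the shared secret and the sample IDs are constructed.

```python
import hmac
import secrets

ALGORITHMS = ("sha256", "sha512")      # stand-ins for the selectable algorithms
SECRET = b"constructed-shared-secret"  # constructed; known to applique and key


def _pad(secret, seed, algo, n):
    """Derive n pad bytes from the seed and the selected algorithm."""
    out, counter = b"", 0
    while len(out) < n:
        block = seed + bytes([algo, counter])
        out += hmac.new(secret, block, ALGORITHMS[algo]).digest()
        counter += 1
    return out[:n]


def _xor(data, pad):
    return bytes(a ^ b for a, b in zip(data, pad))


class ProcessorKey:
    """Second processor: stores its assigned program ID and customer ID."""

    def __init__(self, program_id, customer_id, secret=SECRET):
        self.program_id = program_id
        self.customer_id = customer_id
        self._secret = secret

    def respond(self, seed, algo):
        # Step two, key side: return the customer ID under this request's pad.
        pad = _pad(self._secret, seed, algo, len(self.customer_id))
        return _xor(self.customer_id, pad)


class KeyCarrier:
    """Carrier holding several processor keys; performs the step-one match."""

    def __init__(self, keys):
        self.keys = list(keys)

    def handle(self, program_id, seed, algo):
        for key in self.keys:
            if key.program_id == program_id:
                return key.respond(seed, algo)
        return None  # no key assigned to the requested program


class Applique:
    """Check embedded in the protected program on the first processor."""

    def __init__(self, program_id, customer_id, secret=SECRET, fixed=None):
        self.program_id = program_id
        self.customer_id = customer_id
        self._secret = secret
        self._fixed = fixed  # (seed, algo) reused on every request, or None

    def challenge(self):
        if self._fixed is not None:
            return self._fixed
        return secrets.token_bytes(16), secrets.randbelow(len(ALGORITHMS))

    def verify(self, seed, algo, response):
        if response is None or len(response) != len(self.customer_id):
            return False
        pad = _pad(self._secret, seed, algo, len(response))
        return hmac.compare_digest(_xor(response, pad), self.customer_id)

    def request_access(self, carrier):
        seed, algo = self.challenge()
        response = carrier.handle(self.program_id, seed, algo)
        if response is None:
            return "denied: no key for program"
        if not self.verify(seed, algo, response):
            return "denied: customer ID mismatch"
        return "granted"


def recorded_response_accepted(applique, carrier):
    """Capture one genuine response, then check it against the next challenge."""
    seed, algo = applique.challenge()
    recorded = carrier.handle(applique.program_id, seed, algo)
    next_seed, next_algo = applique.challenge()
    return applique.verify(next_seed, next_algo, recorded)


if __name__ == "__main__":
    carrier = KeyCarrier([ProcessorKey("LEDGER", b"CUST-0001"),
                          ProcessorKey("PAYROLL", b"CUST-0002")])
    print(Applique("LEDGER", b"CUST-0001").request_access(carrier))
    print(Applique("CAD", b"CUST-0001").request_access(carrier))
    print(Applique("PAYROLL", b"CUST-0001").request_access(carrier))
    fresh = Applique("LEDGER", b"CUST-0001")
    fixed = Applique("LEDGER", b"CUST-0001", fixed=(b"\x00" * 16, 0))
    print(recorded_response_accepted(fresh, carrier))
    print(recorded_response_accepted(fixed, carrier))
```

A recorded response verifies only when the seed and algorithm selection are reused, which is the fixed-manner case the prior art discussion describes.
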
BRIEF DESCRIPTION OF THE DRAWINGS

A detailed description of a preferred embodiment of this invention is made in conjunction with the following drawings in which like references are used in the different figures for illustrating the same elements:

FIGS. 1A, 1B, and 1C are respectively a perspective illustration of the elements of a software security system in accordance with the teachings of this invention, a functional block diagram of the software security system of this invention and a functional block diagram particularly showing the computer architecture of the responsive key carrier and its processor keys;

FIGS. 2A and 2B comprise a high level flow diagram of the sequence of steps executed by the application program executing computer and the microprocessor key for permitting use of an application program by the application executing computer, as shown in FIGS. 1A and 1B;

FIGS. 3A to 3F comprise a low level flow diagram of the program stored within the memory of the microprocessor responsive key carrier, as shown in FIGS. 1A, 1B and 1C; and

FIGS. 4A-4G comprise low level flow diagrams of the sequence of steps of the applique program embedded into the application program as illustrated in FIG. 1A.

DESCRIPTION OF THE PREFERRED EMBODIMENT

Referring now to the drawings and, in particular, to FIGS. 1A and 1B, there is shown a software security system or apparatus in accordance with the teachings of this invention. The software security apparatus of this invention is designed to protect against the unauthorized use, in terms of execution and/or copying, of one or a plurality of application programs 40a, 40b and 40c in an application program executing computer (APEC) 12. As shown in FIG. 1, such application programs 40 may be typically stored within an external memory 36 coupled by a suitable bus to an internal memory 32 for storing the operating system software that serves to call and to control the execution o